That's why the findings of an aviation blogger -- John Butler -- are particularly troubling. They represent a serious compromise in security procedures by allowing passengers to know, via inspecting their barcode, whether they will be subject to conventional screens.

The flaw is specific to the TSA's pre-screening program. That program allows frequent fliers to pay a fee to get to skip certain digital screening requirements. Passengers who pay the fee get to carry on approved liquids in their luggage, don't have to remove their personal electronics, and can keep their belts/shoes on, when travelling through the scanners.

The idea is that the passengers are pre-screened to try to weed out potential violent threats, and then to use the possibility of random screens to deter any would be terrorists from going to great lengths to try to exploit the program.

Except the screens weren't random. According to Mr. Butler, they appear to be pre-determined, and worse yet the barcode on your ticket tells -- without encryption -- whether you will be screened.

The majority of the barcode encodes your name, flight number, departure city, destination city, seat number, etc. But the final encoded number is a mysterious '1' or '3'. The number encodes a number of beeps that prompts the TSA agents -- in predetermined fashion -- whether to screen the passenger (1 beep means no conventional pre-check, 3 beeps means to do a conventional pre-check).

II. Want to Illegally Skip Security? Print a Modified Boarding Pass

As Mr. Butler points out, a malicious flyer could read their bar code information, then re-encode a new bar code with the '3' replaced with a '1'. The blogger summarizes:

What terrorists or really anyone can do is use a website to decode the barcode and get the flight information, put it into a text file, change the 1 to a 3, then use another website to re-encode it into a barcode. Finally, using a commercial photo-editing program or any program that can edit graphics replace the barcode in their boarding pass with the new one they created. Even more scary is that people can do this to change names. So if they have a fake ID they can use this method to make a valid boarding pass that matches their fake ID. The really scary part is this will get past both the TSA document checker, because the scanners the TSA use are just barcode decoders, they don’t check against the real time information. So the TSA document checker will not pick up on the alterations. This means, as long as they sub in 3 they can always use the Pre-Check line.

Sterling Payne, in a comment toThe Washington Post, refused to say whether Mr. Butler's findings were accurate or not. He comments, "TSA does not comment on specifics of the screening process, which contain measures both seen and unseen. TSA Pre Check is only one part of our intelligence-driven, risk-based approach."

According to The Washington Post, many boarding passes come with verification codes, which could prevent the attack from being carried out. However, the publication notes that some boarding passes are marked as "unverified" and appear to still be validated. As boarding passes can be printed up to 24 hours in advance, attackers could have a window of opportunity to analyze and modify an unverified pass.

Chris Soghoian, an advocate at the American Civil Liberties Union, said poor security is nothing terribly new for the TSA. He created a website back in 2006 that allowed people to create fake boarding passes to test TSA security.

He comments on the latest hole, "If you have a team of four people [planning an attack], the day before the operation when you print the boarding passes, whichever guy is going to have the least screening is going to be the one who’ll take potentially problematic items through security. If you know who’s getting screened before you walk into the airport, you can make sure the right guy is carrying the right bags."

The temptation, he points out, might be to use profiling or other tactics, but he notes the ACLU opposes them. He says such methods are unnecessary, if the TSA just did its job and encrypted the information on the passes. At the end of the day that's the same conclusion Mr. Butler came to.

Both men made it clear that they did not test the attack by printing fake boarding passes. Mr. Butler stated that he believed that was a "legally grey area and morally black one", while The Washington Post suggests, "[It] is illegal to tamper with a boarding card under U.S. law."

quote: Except the screens weren't random. According to Mr. Butler, they appear to be pre-determined, and worse yet the barcode on your ticket tells -- without encryption -- whether you will be screened.

I don't get this guy's point. The screens could still be random- they'd just be randomly selected by the computer before printing your ticket. And the fact that the barcode isn't encrypted doesn't mean anything, either- it could print a red flag on your ticket for all I care.

The fact is that if they actually randomly selected people at the checkpoint, eventually they'd randomly select an innocent Muslim guy, and eventually one of those innocent Muslim guys would sue the TSA, claiming he was singled out because of his race. The TSA wanted to avoid that so they made the random selection happen when you printed your ticket, without ever seeing what you look like.

They gave an example. You get the ticket before going through security so you could check it before security. If you're in a group chances are all of you aren't getting checked. So you just give the stuff you want to get through security to guy with the winning ticket.

quote: The screens could still be random- they'd just be randomly selected by the computer before printing your ticket.

The proper term would be pseudorandom, but yes you could argue that, if you want to pick and semantics.

But the point is that the passenger can know -- in advance -- whether they will be screened, rather than if the system simply relied on impromptu checks by agents following a code of guidelines, but with no specific instructions of when to search.

An encrypted ticket would also be a pseudorandom approach, but it would appear random to the passenger, as unless they cracked the encryption they would not know they were being searched.

When it comes to the digital world, most randomness is purely perceived and not really random at all.

I think the real point is that the TSA is stupid enough to encode the data on the barcode in the first place. Best practices would be to encode a psuedo-random ID or an obfuscated ID number that is linked to the information in TSA's database. That way the passenger doesn't have access to it or any reasonable way to change it.

You don't even have to have a real boarding pass. Download a copy of photoshop and build your own.

If you really didn't care that it was a plane but still wanted to disrupt flying you don't even need a fake boarding pass you could just wait until you are in the middle of the security line and detonate yourself. Then TSA would have to have pre-security for the security line. Then someone could detonate themselves in the pre-security line forcing TSA to have a pre-pre-security line....

Even worse.What do you think would happen if a group of heavily armed terrorist jumped out of a van, rushed to the security line, and started shooting anyone in their way?The TSA agents would scatter like cockroaches, and the terrorist would have a free run to the boarding area/planes.

quote: You don't even have to have a real boarding pass. Download a copy of photoshop and build your own.

Nonsense, there is no need to go to such trouble as using photoshop.

Most of the boarding passes are put out as a PDF file. With acrobat, you can save a copy and just change dates and numbers of the original and reprint. Know someone who did this regularly did this to change his boarding status so he could get overhead space and never had a issue.

Same thing can be done to change the dates on a boarding pass or other numbers, just paste a new number over the old and as long as the font matches, no problem. People already do this.

I'm not sure what your asking. Intent is relevant. Altering the bar code to move your seat from coach to 1st class? Yes its immoral, you're stealing. Altering the code to bypass the "random" search for the purpose of bringing something illegal onboard? Yes, that's immoral as well. Does this answer your question?

Both men made it clear that they did not test the attack by printing fake boarding passes. Mr. Butler stated that he believed that was a "legally grey area and morally black one"

It was in reference to that. So basically asking does tampering with a barcode for non nefarious reasons, like privacy or education constitute a morally black area? If anything I'd think it'd be at least morally grey.

It's probably not a good idea to forge info on your boarding pass, but immoral? Only if you're a terrorist. Hypothetically, if someone who is not carrying anything dangerous were to tamper with their boarding pass to avoid being searched, there would be nothing particularly immoral about it.

TSA is going down the route of "risked based screening" of which the idea is to separate passengers based on the risk they provide to aviation security. For example, children under 12 and adults older than 75 are deemed low risk passengers, thereby are allowed to keep on footware and light jackets on while passing through the metal detector. They also receive less invasive pat-downs than the rest of the public (children under 12 should likely not have any pat-downs anymore).

Under risked based screening there is a program that is available at some airports called TSA Pre-Check, the idea is that you submit yourself and extra information for DHS to basically run a background check on you. If you are accepted into the program you get to use Pre-Check lanes at airports that are using this program. As stated in the article you are still restricted to all the same rules that everyone else must follow (liquids under 3.4 ounces) but you can keep them in your bag (as well as large electronics). The reasoning behind it is once you "pass" the background check you are deemed "low risk" thus the TSA wants to make it easier and faster for you to get through the checkpoint (in your own lane to my knowledge).

With less time focused on you (or as the TSA says it less focus on passengers that are low risk) they are able to spend more time and resources on passengers they dont know (higher risk). I won't argue the merits of the system as I have my own misgivings, but the head of the TSA is moving forward with this hoping it will provide better security on a smaller budget.

The article seems to be talking about Precheck but discusses breaking the "code" on a passengers boarding pass, however, anything you do with your boarding pass (say reprint with different numbers) will not change your identity or create you a file under TSA Pre-check. When you go to do Pre-check what matters is your identity as that with your photo ID will be verified against the Pre-Check database.

The article also mentions "random" screening. Some passengers get selected for additional screening (pat-down, search of carry on and luggage) by the airlines (in conjunction with government watch/no-fly lists). While there is a marker present on the boarding pass and luggage tag (which passengers dont have access to), none of the markers are the ones displayed or being discussed in this article.

The only other "random" screening has nothing to do boarding passes is the random generator in the AIT or metal detector, or the "playbook" which each Federal Security Director implements at their airport to conduct random screenings of not just passengers, but also TSA, vendors, airline staff, custodians, etc.

Frankly the articles about the TSA on Dailytech, while usually good in discussing important matters of civil liberties, most seem to be fairly inaccurate with the factual backbone of the article and more "sensationalist".

quote: The article seems to be talking about Precheck but discusses breaking the "code" on a passengers boarding pass, however, anything you do with your boarding pass (say reprint with different numbers) will not change your identity or create you a file under TSA Pre-check. When you go to do Pre-check what matters is your identity as that with your photo ID will be verified against the Pre-Check database.

Its not talking about precheck. Its saying that if you change the one number you can avoid the normal "intrusive" search. Because the bar code scanners are presumed to be not connected to any network for real time updates.

Also random checks are just used to make you feel safe. Like hiding under a blanket. I have been "randomly" checked almost 100% of the time. But that is life, it will always be based on what you look like. Except on the internet.

quote: Its not talking about precheck. Its saying that if you change the one number you can avoid the normal "intrusive" search. Because the bar code scanners are presumed to be not connected to any network for real time updates.

There's nothing else the TSA offers besides Pre-check that remotely resembles what the article mentions. In fact some of the things mentioned (liquids and laptops can be left in bags) is only allowed with Pre-check.

Normal checkpoint lanes can use bar code scanners, however Precheck (which is the only thing the article can be talking about) uses an actual computer system that checks the Pre-check database for your identity (it will actually bring up your photo and your information).

I'm not saying there can't be a flaw in the system, but this article is so inaccurate with the facts of what actually exists, I rather doubt it at this point.

I forgot to emphasize that there is nothing on a boarding pass that exists that allows you to "avoid normal intrusive search(es)". The only things that exists is Pre-Check (which allows some things to be left in your carry on) and age differences of less than 12 and older than 75 (which allows footware/jackets, and less intrusive patdown).

Did anyone consider the possibility that it could be a reverse tactic to trick people into thinking that they won't be screened, but in fact will?

OK, not yet, but now that the cat is out of the bag, it's a way to play the terrorists, let them think they won't be screened when in ... oh never mind, we're talking the TSA.

I am glad that finally they are screening based on risk.The Israelis have been doing that since the 80's works pretty good for them.

It sounds like we're doing an improved version, with deeper back ground checks. I'm all for that, and if we lose one or two planes every few years, well, we have car wrecks and catch diseases because we interact with others, a certain level of accepted risk promotes freedom of movement and gained opportunities for wealth and prosperity and security and even more health and life.

Sometimes, increased risk means more productivity and from that extra wealth, more health and much less 'risk' in the end. Better than the dangers of living in chains with less time / opportunities lost, salvations squandered.

Sounds like you're pushing a Libertarian fantasy. The reality is that if terrorists were successfully in bringing down planes on a regular basis, the airlines would take a huge beating financially and businesses would suffer because employees would be less willing to travel when business needs call for them to. Leisure industries would also be slammed by reductions in tourism.

Other than in Libertarian fantasy world, I don't see how that would result in greater wealth. The fact is that the current TSA checks are inconvenient, but not nearly as annoying as other "free market" actions by the airlines, such as charging more money for more cramped seats, gouging for baggage fees, boarding perks, bad food, etc. Capitalism is great, but it doesn't always produce an optimal experience.

My wife and I have both applied for the "TSA Pre" program, and should be getting appointment times for personal interviews shortly.

I HATE the current sheeple TSA screening because it assumes everyone is a potential terrorist, rather than looking at the obvious fact that terrorists to date have had certain characteristics (to date not a single grandmother or small child has blown up an aircraft, for example).

So how to make the TSA Pre line secure? I have to assume there's more to it than just checking for a "3" at the end of a boarding pass. If not, additional measures obviously need to be added.

quote: to date not a single grandmother or small child has blown up an aircraft, for example

Yeah, thanks to the TSA screening! </sarcasm>

But seriously, while we haven't had a plane blown up from those people specifically, there have been old women suicide bombers, child soldiers, white midwesterners blowing up buildings and flying planes into them, and on and on. The question really has to be, for the TSA, is 99% effective good enough? If it isn't, then profiling isn't good enough. Everyone IS a potential terrorist, although the odds aren't equal.